[wp-trac] [WordPress Trac] #58718: A million dollars security question to Matt Mullenweg about Libsodium and WP updates/encryption interception
WordPress Trac
noreply at wordpress.org
Wed Jul 5 15:54:04 UTC 2023
#58718: A million dollars security question to Matt Mullenweg about Libsodium and
WP updates/encryption interception
---------------------------------------+-----------------------------
 Reporter:  KestutisIT                 |      Owner:  (none)
     Type:  defect (bug)               |     Status:  new
 Priority:  normal                     |  Milestone:  Awaiting Review
Component:  Security                   |    Version:  6.2.2
 Severity:  critical                   |   Keywords:  needs-patch
  Focuses:  privacy, coding-standards  |
---------------------------------------+-----------------------------
A million dollar question for you. ExpressVPN is using a couple of
encryption methods; one of them is ChaCha20/Poly1305. Wikipedia says that
ChaCha20-Poly1305 is implemented in libsodium, which is the core
encryption for security for WordPress and PHP (see tickets
https://core.trac.wordpress.org/ticket/39309 and #45806). Matt
Mullenweg, as I remember, wrote that he paid 420,000 USD to Paragon
Initiative Enterprises ( https://paragonie.com / github.com/paragonie ,
info at paragonie.com, located at 2991 35th Ave NE, Naples, Florida, 34120,
United States. Phone: +1 (239) 234-6745 ), and said he trusts their
experience.
Today I discovered that hackers at the Bite Group telecommunications center
(owner of one of the 3 biggest telecommunication providers in Lithuania and
many European countries) are able to intercept and stop delivery of images
encrypted with the ChaCha20/Poly1305 encryption cipher over Lightway UDP. I
tested with OnlyFans (we all know that creepy psychopaths sit at Bite
Group telecommunications centers in Lithuania who want to access images
not supposed to be given to them). But they cannot do the same with AES. So
if the bad guys at Bite can hack ChaCha20/Poly1305, it means that anything
that is encrypted with libsodium can also be changed and delivered
differently than expected (including UPDATES AUTOMATICALLY SIGNING
WORDPRESS CORE). So the million dollar question: who is responsible for all
this and who will pay the fines? As it is terrifying news for WordPress and
PHP security.
ERIC MANN WROTE 5 YEARS AGO that it is peer reviewed and recommended:
"(Replying to paragoninitiativeenterprises):
I have not suddenly had enough of a financial windfall to be able to pay
NCC Group, Kudelski Security, Least Authority, or another trusted firm
$2,000-$4,000 per day for a N-week engagement (where N >= 2) to audit
sodium_compat.
I started discussions with Mozilla about covering such an audit last year.
It never went anywhere.
I would absolutely love if an organization with the necessary financial
resources would contribute to such an audit. Sodium is now in PHP as a
core extension and is fast becoming the standard used for secure crypto in
our community. It's fast, secure, and well-supported in a variety of
languages. Even projects like GNIIBE-org GnuPG are moving to the crypto
primitives exposed by Sodium.
Even without a formal audit, this is a well-established, well-known
library. It's baked into Joomla, CodeIgniter, and many other projects -
just take a look at Packagist! Some modern projects will just push devs
towards using the native PHP 7.2 support for Sodium or the Pecl extension
for PHP7+ ... WordPress can't do either of those because of our support
for even older versions of PHP. sodium_compat literally exists to allow
devs who can't use 7.2 or the Pecl package to still use secure crypto.
What sort of peer review has the sodium_compat library had?
Aside from Michael Babker, a lot of security/cryptography experts have
looked at it in some capacity.
However, none of them have given public statements of endorsement. I'll
ask some of them to comment on whether or not they would recommend it.
I've written extensively about both Sodium itself and the sodium_compat
module as an efficient polyfill for developers who can't use the modern
extensions available in PHP >= 7.0. By "extensively" I mean several
references in publications like php[architect] and even a book on secure
PHP application development.
I work on cryptographically-secure tools for a living. I write PHP code
for a living. I wouldn't recommend sodium_compat unless I was confident in
it. My job literally depends on the quality of this library. I've reviewed
several Sodium compatibility libraries while building out our team's
products (in multiple languages, including Go, Java, and Ruby).
sodium_compat is head and shoulders above the rest in terms not just of
quality but also coverage of the Sodium library itself. Many others merely
implement a handful of functions for a specific project; sodium_compat
provides _full_ support for all of Sodium's functionality, meaning
developers aren't limited to just one part of the library.
Whenever PHP and WordPress developers ask me about crypto, the first thing
I tell them to do is upgrade to PHP 7.2 so they can use Sodium. Even then
I encourage the use of sodium_compat merely so their code is more portable
- it will use the native extension if available, fall back to the Pecl
module if needed, then leverage a PHP-based implementation as a last
resort.
Has the library undergone peer review? Yes.
Is it something other devs in the crypto world recommend? Yes.
Is this something we should have in WordPress so WP devs can be using
quality, industry-standard best practices when it comes to crypto? YES!"
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58718>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform